# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

class ApplicationController < ActionController::Base

  before_filter :authorize, :except => :login
  before_filter :set_vars

  helper :all # include all helpers, all the time
  #protect_from_forgery # See ActionController::RequestForgeryProtection for details

  # Scrub sensitive parameters from your log
  filter_parameter_logging :password

  def current_user
    User.find_by_id(session[:user_id])
  end
  
  protected

  def authorize
    unless User.find_by_id_and_is_logged_in(session[:user_id], true)
      session[:original_uri] = request.request_uri
      redirect_to :controller => 'login', :action => 'login'
    end
    session[:koko] = ActiveSupport::SecureRandom.hex(16)
  end

  def set_vars
    if ['items', 'link'].include?(params[:controller]) && request.post?
      @grid = Grid.find(params[:data][:gridId])
      @users = User.find(:all, :conditions => ['is_logged_in = ? AND id <> ?', true, session[:user_id]]) #TODO: and grids.include?(@grid)
    end
  end


end